sfw free blocks fontawesome registry #24
Description
Hi and thanks for sfw ❤️
In one of our repo, we use the private fontawesome registry.
I think it's a nomal behavior since the doc says that sfw free doesn't support private registry, but maybe fontawesome is so widely used that you may want to whitelist it 🤷
Any way, whith a clean repo (no node_modules) and a clean pnpm store, here is the error I get when trying to fetch a fontawesome package :
❯ sfw pnpm install
Protected by Socket Firewall
Lockfile is up to date, resolution step is skipped
Packages: +15
+++++++++++++++
ERR_PNPM_FETCH_403 GET https://npm.fontawesome.com/@fortawesome/pro-duotone-svg-icons/-/pro-duotone-svg-icons-6.2.1.tgz: Forbidden - 403
An authorization header was used: Bearer 671F[hidden]
These authorization settings were found:
@jsr:registry=https://npm.jsr.io/
@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=671F[hidden]
//registry.npmjs.org/:_authToken=npm_[hidden]
Progress: resolved 15, reused 0, downloaded 1, added 0
=== Socket Firewall ===
- 1 packages fetched successfullyAnd here is the package.json that goes with it :
{
"name": "repro_sfw_fontawesome",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"setup": "node ./scripts/private-dep.js"
},
"dependencies": {
"@fortawesome/fontawesome-svg-core": "6.2.1",
"@fortawesome/pro-duotone-svg-icons": "6.2.1",
"@fortawesome/pro-light-svg-icons": "6.2.1",
"@fortawesome/pro-regular-svg-icons": "6.2.1",
"@fortawesome/pro-solid-svg-icons": "6.2.1",
"@fortawesome/pro-thin-svg-icons": "6.2.1",
"@fortawesome/react-fontawesome": "0.2.0",
"@fortawesome/sharp-solid-svg-icons": "6.2.1"
},
"keywords": [],
"author": "",
"license": "ISC",
"packageManager": "[email protected]"
}And the fontawesome private repo setup :
pnpm config set "@fortawesome:registry" https://npm.fontawesome.com/
pnpm config set "//npm.fontawesome.com/:_authToken" "${token}"`